From 3bc765bf4d6d69b8eb13b975b74bac997391727a Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 25 Dec 2023 19:18:16 +0100 Subject: [PATCH] Add Penpot chart Update maintainer information Update version for Dispatch chart Update version for Netbox chart Update version for Attic chart Update version for Hasura Engine chart Update maintainer information for FDB Operator chart --- README.org | 36 ++++++++++- charts/attic/Chart.yaml | 7 +-- charts/conduit/Chart.yaml | 3 + charts/dispatch/Chart.yaml | 5 +- charts/fdb-operator/Chart.yaml | 15 +---- charts/hasura-engine/Chart.yaml | 5 +- charts/netbox/Chart.yaml | 5 +- charts/penpot/.helmignore | 23 +++++++ charts/penpot/Chart.yaml | 16 +++++ charts/penpot/templates/_helpers.tpl | 57 +++++++++++++++++ .../penpot/templates/deployment-backend.yaml | 62 +++++++++++++++++++ .../penpot/templates/deployment-exporter.yaml | 49 +++++++++++++++ .../penpot/templates/deployment-frontend.yaml | 48 ++++++++++++++ charts/penpot/templates/serviceaccount.yaml | 5 ++ charts/penpot/templates/services.yaml | 38 ++++++++++++ charts/penpot/values.yaml | 27 ++++++++ 16 files changed, 378 insertions(+), 23 deletions(-) create mode 100644 charts/penpot/.helmignore create mode 100644 charts/penpot/Chart.yaml create mode 100644 charts/penpot/templates/_helpers.tpl create mode 100644 charts/penpot/templates/deployment-backend.yaml create mode 100644 charts/penpot/templates/deployment-exporter.yaml create mode 100644 charts/penpot/templates/deployment-frontend.yaml create mode 100644 charts/penpot/templates/serviceaccount.yaml create mode 100644 charts/penpot/templates/services.yaml create mode 100644 charts/penpot/values.yaml diff --git a/README.org b/README.org index c4e50db..71c3911 100644 --- a/README.org +++ b/README.org 
@@ -48,13 +48,47 @@ Below you'll find an overview of the charts and an intro to get you started. - [[charts/][Dispatch]]: A incident management and coordination system developed by Netflix. -- [[charts/foundationdb][FoundationDB]] (=fdb-operator=): Distributed database with ACID transactions developed by Apple. +- [[charts/foundationdb][FoundationDB]] (=fdb-operator=): Distributed database with ACID transactions developed by Apple. + This buils and deploys, but I don't actively use it at the moment. - [[charts/hasura-engine][Hasura]]: Connects to databases and services to provide a realtime GraphQL API. - [[charts/netbox][Netbox]]: Modeling and docs for IP address management (IPAM) and datacenter infrastructure management (DCIM). +- [[charts/penpot][Penpot]]: Design and prototyping tool. For visual collaboration on visuals, prototypes, UX and more. + +*** Requirements + +You may need the following: + +* S3 compatible storage +* PostgreSQL + +All tests are run on the latest version of Kubernetes and Helm and no consideration is taken to vendor-specific +implementations. + +*** Principles + +So what makes this repo different from others? It is KISS and Safe of course. + +- All secrets and ingresses are defined in a secret external from the chart +- We expect that an ingress terminates external connection and TLS +- Always use object storage over block storage when possible +- Never rely on vendor-specific components +- We prefer open source +- We never leave room for plaintext secrets, a sane default +- We always leave for initContainers +- We use as few values as possible in values.yaml +- Always use external databases and transports +- We always configure for OIDC when possible +- A values file should be possible to read up on in minutes +- We only support the current major version of Kubernetes and the application +- Always enable service accounts +- Use semver for versioning + +If you see a chart that does not comply with these principles, please open an issue. 
+ *** 🧑‍💻 Usage **** Exploration diff --git a/charts/attic/Chart.yaml b/charts/attic/Chart.yaml index 336e45c..65f2aea 100644 --- a/charts/attic/Chart.yaml +++ b/charts/attic/Chart.yaml @@ -1,12 +1,11 @@ ---- apiVersion: v2 name: attic-repo description: A Nix binary caching server appVersion: b43d12 type: application -version: 0.5 +version: 0.5.0 maintainers: - - name: Tommy Skaug - email: tommy@skaug.me +- name: Tommy Skaug + email: tommy@skaug.me diff --git a/charts/conduit/Chart.yaml b/charts/conduit/Chart.yaml index 46a3a6b..fa1a54b 100644 --- a/charts/conduit/Chart.yaml +++ b/charts/conduit/Chart.yaml @@ -4,3 +4,6 @@ description: Conduit is a simple, fast and reliable chat server powered by Matri type: application version: 0.2.9 appVersion: "0.6.0" +maintainers: +- name: Tommy Skaug + email: tommy@skaug.me diff --git a/charts/dispatch/Chart.yaml b/charts/dispatch/Chart.yaml index 81b8caf..5910a39 100644 --- a/charts/dispatch/Chart.yaml +++ b/charts/dispatch/Chart.yaml @@ -1,4 +1,7 @@ apiVersion: v2 name: dispatch description: Netflix Dispatch incident management system -version: 0.3.2 \ No newline at end of file +version: 0.3.2 +maintainers: +- name: Tommy Skaug + email: tommy@skaug.me diff --git a/charts/fdb-operator/Chart.yaml b/charts/fdb-operator/Chart.yaml index 03f7e93..98df70d 100644 --- a/charts/fdb-operator/Chart.yaml +++ b/charts/fdb-operator/Chart.yaml 
@@ -4,20 +4,9 @@ description: A Helm chart for foundationDB operator home: https://www.foundationdb.org/ sources: - https://github.com/FoundationDB/fdb-kubernetes-operator/tree/master/helm/fdb-operator -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. version: 0.2.2 -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. appVersion: v1.30.0 maintainers: -- name: "foundationdb-ci" +- name: Tommy Skaug + email: tommy@skaug.me diff --git a/charts/hasura-engine/Chart.yaml b/charts/hasura-engine/Chart.yaml index b97a628..26676b3 100644 --- a/charts/hasura-engine/Chart.yaml +++ b/charts/hasura-engine/Chart.yaml @@ -2,4 +2,7 @@ apiVersion: v2 name: hasura-engine description: GraphQL Engine to make data accessible over a GraphQL API type: application -version: 0.1.2 \ No newline at end of file +version: 0.1.2 +maintainers: +- name: Tommy Skaug + email: tommy@skaug.me diff --git a/charts/netbox/Chart.yaml b/charts/netbox/Chart.yaml index a4ac3af..d62566b 100644 --- a/charts/netbox/Chart.yaml +++ b/charts/netbox/Chart.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v2 name: netbox description: | @@ -12,5 +11,5 @@ appVersion: 3.6.3 type: application version: 5.5.3 maintainers: - - name: Tommy Skaug - email: tommy@skaug.me +- name: Tommy Skaug + email: tommy@skaug.me 
diff --git a/charts/penpot/.helmignore b/charts/penpot/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/penpot/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/penpot/Chart.yaml b/charts/penpot/Chart.yaml
new file mode 100644
index 0000000..b25cd31
--- /dev/null
+++ b/charts/penpot/Chart.yaml
@@ -0,0 +1,16 @@
+name: penpot
+maintainers:
+- name: Tommy Skaug
+ email: tommy@skaug.me
+apiVersion: v2
+appVersion: 1.19.3
+version: 2.0.0
+description: Penpot is a design and prototyping platform for teams and individuals.
+home: https://github.com/tommy-skaug/charts
+icon: https://avatars.githubusercontent.com/u/30179644?s=200&v=4
+keywords:
+- kubernetes
+- penpot
+- design
+sources:
+- https://github.com/penpot/penpot
diff --git a/charts/penpot/templates/_helpers.tpl b/charts/penpot/templates/_helpers.tpl
new file mode 100644
index 0000000..97aeedf
--- /dev/null
+++ b/charts/penpot/templates/_helpers.tpl
@@ -0,0 +1,57 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "penpot.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "penpot.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "penpot.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels.
+*/}}
+{{- define "penpot.labels" -}}
+helm.sh/chart: {{ include "penpot.chart" . }}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+
+{{/*
+Create the name of the service account to use.
+*/}}
+{{- define "penpot.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled -}}
+ {{ default (include "penpot.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/penpot/templates/deployment-backend.yaml b/charts/penpot/templates/deployment-backend.yaml
new file mode 100644
index 0000000..f1f21a1
--- /dev/null
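Review bot: No `penpot.backendSelectorLabels` template is defined in this file, although deployment-backend.yaml in the same patch includes it for both `selector.matchLabels` and the pod labels, so rendering that Deployment would fail. `penpot.labels` also hard-codes `-frontend` in `app.kubernetes.io/name` while the backend and exporter Deployments include the same helper, so all three workloads carry the frontend name. I would add per-component selector defines (name plus `app.kubernetes.io/instance`) and reduce the shared label to `app.kubernetes.io/name: {{ include "penpot.name" . }}`. Separately, `penpot.serviceAccountName` branches on `.Values.serviceAccount.enabled`, which the values.yaml added in this patch never sets, so only the else branch is ever taken.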
+++ b/charts/penpot/templates/deployment-backend.yaml
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "penpot.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.backend.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "penpot.backendSelectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "penpot.backendSelectorLabels" . | nindent 8 }}
+ spec:
+ serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+ securityContext:
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+
+ containers:
+ - name: {{ .Chart.Name }}-backend
+ image:
+ repository: "penpotapp/backend:{{ .Values.penpotVersion.tag }}"
+ imagePullPolicy: IfNotPresent
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ volumeMounts:
+ - mountPath: /opt/data
+ name: app-data
+ readOnly: false
+ env:
+ - name: PENPOT_PUBLIC_URI
+ value: {{ .Values.config.publicURI | quote }}
+ - name: PENPOT_FLAGS
+ value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+ - name: PENPOT_TELEMETRY_ENABLED
+ value: false
+ - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
+ value: {{ .Values.registrationDomainWhitelist | quote }}
+ envFrom:
+ - secretRef:
+ name: {{ .Values.envFromSecret }}
+ ports:
+ - name: http
+ containerPort: 6060
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.backend.resources | nindent 12 }}
+ volumes:
+ - name: app-data
+ emptyDir: {}
diff --git a/charts/penpot/templates/deployment-exporter.yaml b/charts/penpot/templates/deployment-exporter.yaml
new file mode 100644
index 0000000..05ba6db
--- /dev/null
+++ b/charts/penpot/templates/deployment-exporter.yaml
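Review bot: The hardening settings in this Deployment sit under `podSecurityContext:` and `containerSecurityContext:` with an `enabled: true` key, which are values-file conventions from other charts rather than fields of the pod or container spec. Depending on how strictly the manifest is validated it is either rejected or those keys are dropped, and in the second case the container runs without `runAsNonRoot`, `allowPrivilegeEscalation: false` or the capability drop. The settings belong directly under the pod-level `securityContext:` and a per-container `securityContext:`, with the capability spelled `ALL` as the Pod Security Standards expect. `image:` is also written as a mapping with a `repository` key where the container spec takes a single string, as deployment-frontend.yaml has it. deployment-exporter.yaml and deployment-frontend.yaml repeat the same security-context layout; the sketch below keeps the values from the hunk, with indentation reconstructed because this page has lost it.

```yaml
    spec:
      serviceAccountName: {{ include "penpot.serviceAccountName" . }}
      securityContext:
        fsGroup: 1001
        runAsNonRoot: true
      containers:
        - name: {{ .Chart.Name }}-backend
          image: "penpotapp/backend:{{ .Values.penpotVersion.tag }}"
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsUser: 1001
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: false
            capabilities:
              drop:
                - ALL
          # … unchanged: volumeMounts, env, envFrom, ports, resources …
```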
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "penpot.fullname" . }}-exporter
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.exporter.replicaCount }}
+ template:
+ spec:
+ serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+ securityContext:
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ containers:
+ - name: {{ .Chart.Name }}-exporter
+ image:
+ repository: "penpotapp/exporter:{{ .Values.penpotVersion.tag }}"
+ imagePullPolicy: IfNotPresent
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ env:
+ - name: PENPOT_PUBLIC_URI
+ value: {{ .Values.config.publicURI | quote }}
+ - name: PENPOT_FLAGS
+ value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+ - name: PENPOT_TELEMETRY_ENABLED
+ value: false
+ - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
+ value: {{ .Values.registrationDomainWhitelist | quote }}
+ envFrom:
+ - secretRef:
+ name: {{ .Values.envFromSecret }}
+ ports:
+ - name: http
+ containerPort: 6061
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.frontend.resources | nindent 12 }}
diff --git a/charts/penpot/templates/deployment-frontend.yaml b/charts/penpot/templates/deployment-frontend.yaml
new file mode 100644
index 0000000..ef97abd
--- /dev/null
+++ b/charts/penpot/templates/deployment-frontend.yaml
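Review bot: `resources` for the exporter container is rendered from `.Values.frontend.resources`, so limits set under `exporter.resources` in values.yaml are ignored; the line should read `{{- toYaml .Values.exporter.resources | nindent 12 }}`. This Deployment also has no `spec.selector` and no `template.metadata.labels`, both of which apps/v1 requires, and deployment-frontend.yaml has the same gap. Each needs a `selector.matchLabels` block and matching pod labels, as deployment-backend.yaml attempts.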
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "penpot.fullname" . }}-frontend
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.frontend.replicaCount }}
+ template:
+ spec:
+ serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+ securityContext:
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ containers:
+ - name: {{ .Chart.Name }}-frontend
+ image: "penpotapp/frontend:{{ .Values.penpotVersion.tag }}"
+ imagePullPolicy: IfNotPresent
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ env:
+ - name: PENPOT_PUBLIC_URI
+ value: {{ .Values.config.publicURI | quote }}
+ - name: PENPOT_FLAGS
+ value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+ - name: PENPOT_TELEMETRY_ENABLED
+ value: false
+ - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
+ value: {{ .Values.registrationDomainWhitelist | quote }}
+ envFrom:
+ - secretRef:
+ name: {{ .Values.envFromSecret }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.frontend.resources | nindent 12 }}
+
diff --git a/charts/penpot/templates/serviceaccount.yaml b/charts/penpot/templates/serviceaccount.yaml
new file mode 100644
index 0000000..f8a960e
--- /dev/null
+++ b/charts/penpot/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "penpot.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/penpot/templates/services.yaml b/charts/penpot/templates/services.yaml
new file mode 100644
index 0000000..0804fd9
--- /dev/null
+++ b/charts/penpot/templates/services.yaml
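Review bot: `PENPOT_TELEMETRY_ENABLED` is given the bare YAML boolean `value: false`, but container env values must be strings, so this should be `value: "false"`. `PENPOT_FLAGS` is set to `"$PENPOT_FLAGS {{ .Values.config.flags }}"`; Kubernetes expands only the `$(VAR)` form, and only for variables defined earlier in the container, so the literal text `$PENPOT_FLAGS` would reach the application in front of the flags. `value: {{ .Values.config.flags | quote }}` avoids that. Both lines are repeated in deployment-backend.yaml and deployment-exporter.yaml.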
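Review bot: The ServiceAccount keeps the default token automount, yet nothing in the templates of this patch talks to the Kubernetes API. If that also holds for Penpot itself, add `automountServiceAccountToken: false` so the pods do not carry an API credential they never use. The manifest is also rendered unconditionally, while `penpot.serviceAccountName` has a branch for `serviceAccount.enabled` being false; wrapping it in `{{- if .Values.serviceAccount.enabled }}` and giving values.yaml an `enabled: true` default would keep the two consistent.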
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "penpot.fullname" . }}-frontend
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "penpot.fullname" . }}-exporter
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 6061
+ targetPort: http
+ protocol: TCP
+ name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "penpot.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 6060
+ targetPort: http
+ protocol: TCP
+ name: http
\ No newline at end of file
diff --git a/charts/penpot/values.yaml b/charts/penpot/values.yaml
new file mode 100644
index 0000000..d3845f8
--- /dev/null
+++ b/charts/penpot/values.yaml
@@ -0,0 +1,27 @@
+envFromSecret: penpot-secret
+penpotVersion: 1.19.3
+
+publicURI: "http://localhost:8080"
+registrationDomainWhitelist: "localhost"
+flags: "enable-registration enable-login disable-demo-users disable-demo-warning disable-secure-session-cookies"
+
+serviceAccount:
+ name: "penpot-sa"
+
+backend:
+ replicaCount: 1
+ resources:
+ limits: {}
+ requests: {}
+
+frontend:
+ replicaCount: 1
+ resources:
+ limits: {}
+ requests: {}
+
+exporter:
+ replicaCount: 1
+ resources:
+ limits: {}
+ requests: {}
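Review bot: None of the three Services defines `spec.selector`, so they get no endpoints and traffic sent to them never reaches the frontend, exporter or backend pods. Each Service needs a selector that matches its Deployment's pod labels, for example `app.kubernetes.io/name: {{ include "penpot.name" . }}-backend` plus the instance label on the backend Service. That in turn depends on the Deployments setting those labels on their pod templates, which the exporter and frontend Deployments in this patch do not yet do.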
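Review bot: The default `flags` string includes `disable-secure-session-cookies`, so a release installed with defaults issues session cookies without the Secure attribute even though the README in this patch expects TLS to terminate at an ingress. I would drop that flag from the default and leave it as an opt-in for plain-HTTP test setups. The keys also do not line up with the templates, which read `.Values.config.publicURI`, `.Values.config.flags` and `.Values.penpotVersion.tag`, while this file defines top-level `publicURI` and `flags` and a scalar `penpotVersion`. Nesting them as `config:` with `publicURI` and `flags`, and `penpotVersion:` with `tag: "1.19.3"` (quoted so it stays a string), would match what the templates expect.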